CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-10749

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0150%
EPSS Percentile20.90th
Published2019年10月29日
Last Modified2024年11月21日

Vulnerability Description

sequelize before version 3.35.1 allows attackers to perform a SQL Injection due to the JSON path keys not being properly sanitized in the Postgres dialect.

Affected Platforms (CPE)

📦
Sequelizejs

Sequelize

< 3.35.1

References & Advisories

🔗 https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
🔗 https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222
🔗 https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
🔗 https://snyk.io/vuln/SNYK-JS-SEQUELIZE-450222

相关漏洞威胁

CVE-2016-105519.8

waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like...

CVE-2019-107489.8

Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnerable to SQL Injection due to JSON path keys not being properl...

CVE-2019-107529.8

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function...

CVE-2016-105509.8

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQ...